Peter Allgeyer wrote:
> My vote goes to OpenBSD, too. Why?
>
> * due to its emphasis on security, as Manuel said it.
> It's not only built with security in mind, there are also a lot of
> security-related protocols like openssh which were actively pushed by
> the OpenBSD team.
> * the integration of pf and carp - pf is IMHO the best filtering
> language around (if you don't mention netfilter ;-)), very similar to
> ipfilter (since it's a further development of it), with a lot of
> features, ipfilter4 should also bring us, but how stable would it be?
> * carp/pfsync: this is the real highlight of OpenBSD and the real cause
> for not choosing Linux/netfilter. A HA application for filtering, just
> like we know it from the good old Nokia appliances running the very
> expensive CP software. I can't imagine any better point for OpenBSD as
> this one, having stateful HA interfaces.
> Sure both, pf and carp are ported to FreeBSD as well, but nothing is
> better than the original.
> * OpenBSD IPsec implementation (isakmpd), giving us NAT-T, xauth (for
> cisco vpn clients for example) and filterable (!) Interfaces (one of
> the major points why I looked at OpenVPN in m0n0)
> * Hardware encryption: supports not only the soekris cards but also
> VIA C3 and the RNG of the Intel motherboards
> * better bridging code: STP support and able to be filtered by pf
>
> It convinces me in the integration of all these features. Not like
> FreeBSD/ipfw/ipfilter, OpenBSD uses one filtering language, one IPSEC
> implementation and integrates all those perfectly into the kernel,
> supporting cryptographic functions and acceleration to all of them.
and on top of your perfect description:
OpenBSD is pure BSD licensed not like other OS which underlies only
halfway the BSD license because they integrate SSH from X, SSL from Y, ...